Add automatic disk unlock prompt; minor help/info improvements
This commit is contained in:
parent
317721ca4c
commit
6c32f2e054
GPG key ID:
3F8B1861E32B7DA2
1 changed files with 37 additions and 7 deletions
|
|
@ -47,9 +47,11 @@ print_help() {
|
|||
fix blank screen on bootup issues)
|
||||
'-p' Partition and create filesystems only. Do not copy data
|
||||
'-s' Use 'authorized_keys' file from working directory, if available
|
||||
(see below)
|
||||
'-v' Be more verbose
|
||||
'-u' Perform an 'apt upgrade' after each 'apt update'
|
||||
'-z' Erase boot sector and first partition of SD card before partitioning
|
||||
(an extra paranoia step, but it can’t hurt)
|
||||
|
||||
For non-interactive operation, set the following variables in your environment
|
||||
or on the command line:
|
||||
|
|
@ -69,8 +71,9 @@ print_help() {
|
|||
connected and its clock correctly set.
|
||||
|
||||
If remote unlocking via SSH is desired, the unlocking host must be reachable.
|
||||
Alternatively, SSH public keys for the unlocking host or hosts may be placed
|
||||
in the file 'authorized_keys' in the current directory.
|
||||
Alternatively, SSH public keys for the unlocking host or hosts may be listed
|
||||
in the file 'authorized_keys' in the current directory. This file has the
|
||||
same format as a standard SSH 'authorized_keys' file.
|
||||
|
||||
Architecture of host and target (e.g. 64-bit or 32-bit ARM) must be the same.
|
||||
|
||||
|
|
@ -953,20 +956,40 @@ tmpfs /tmp tmpfs defaults,nosuid 0 0"
|
|||
}
|
||||
|
||||
edit_dropbear_cfg() {
|
||||
local file text
|
||||
file="$TARGET_ROOT/etc/dropbear-initramfs/config"
|
||||
local dest file text
|
||||
dest="$TARGET_ROOT/etc/dropbear-initramfs"
|
||||
file="$dest/config"
|
||||
text='DROPBEAR_OPTIONS="-p 2222"
|
||||
DROPBEAR=y'
|
||||
if [ "$IP_ADDRESS" == 'none' ]; then
|
||||
[ -e $file ] && rm -v $file
|
||||
true
|
||||
else
|
||||
mkdir -p '/etc/dropbear-initramfs'
|
||||
text='DROPBEAR_OPTIONS="-p 2222"
|
||||
DROPBEAR=y'
|
||||
mkdir -p $dest
|
||||
[ -e $file ] && grep -q '^DROPBEAR_OPTIONS="-p 2222"' $file || echo "$text" >> $file
|
||||
_display_file $file
|
||||
fi
|
||||
}
|
||||
|
||||
create_cryptroot_unlock_sh() {
|
||||
local dest file text
|
||||
dest="$TARGET_ROOT/etc/initramfs-tools/hooks"
|
||||
file="$dest/cryptroot-unlock.sh"
|
||||
text='#!/bin/sh
|
||||
if [ "$1" = "prereqs" ]; then echo "dropbear-initramfs"; exit 0; fi
|
||||
. /usr/share/initramfs-tools/hook-functions
|
||||
source="/tmp/cryptroot-unlock-profile"
|
||||
root_home=$(echo $DESTDIR/root-*)
|
||||
root_home=${root_home#$DESTDIR}
|
||||
echo "if [ \"\$SSH_CLIENT\" ]; then /usr/bin/cryptroot-unlock; fi" > $source
|
||||
copy_file ssh_login_profile $source $root_home/.profile
|
||||
exit 0'
|
||||
mkdir -p $dest
|
||||
echo "$text" > $file
|
||||
chmod 755 $file
|
||||
_display_file $file
|
||||
}
|
||||
|
||||
# begin chroot functions:
|
||||
|
||||
make_image() {
|
||||
|
|
@ -1049,6 +1072,7 @@ configure_target() {
|
|||
create_etc_crypttab
|
||||
create_fstab
|
||||
edit_dropbear_cfg
|
||||
[ "$IP_ADDRESS" == 'none' ] || create_cryptroot_unlock_sh
|
||||
edit_armbianEnv
|
||||
_debug_pause
|
||||
|
||||
|
|
@ -1161,5 +1185,11 @@ else
|
|||
[ "$rootpart_copied" == 'n' ] && copy_system_root
|
||||
[ "$target_configured" == 'n' ] && configure_target
|
||||
|
||||
sync
|
||||
gmsg 'All done!'
|
||||
|
||||
if [ "$IP_ADDRESS" != 'none' ]; then
|
||||
imsg "To unlock the target disk, execute the following from the unlocking host:"
|
||||
imsg " ssh -p 2222 root@${IP_ADDRESS/dhcp/TARGET_IP}"
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue